The log shows SSO is being initiated to Okta with a SAML authn request being sent.
If you're not being redirected to Okta, I suspect there's some HTML markup or code in your application which is circumventing the sending of the authn request.
Please ensure you don't perform any redirects, etc., in your code after calling SAMLServiceProvider.InitiateSSO.
If there's still an issue, please include a section of your code where you call SAMLServiceProvider.InitiateSSO.
Thanks for your reply.
I don't see any issue within our code, since the same code works for all other IdPs, and even if I send the unsecured request by setting the following to false, we do see the Okta login screen and it works:
<Profiles>
<PartnerIdentityProvider Name="http://www.okta.com/exk89rwwiahjnDQiv0h7"
SignAuthnRequest="false"
SignLogoutRequest="false"
SignLogoutResponse="false"
And one more thing: when I got the above error "An exception occurred : Failed to generate signature", we saw the following in the SAML trace:
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Initializing the SAML environment.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The default SAML configuration has been loaded.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The local service provider is https://customersite.com.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The partner identity provider is http://www.okta.com/exk1z59kczQi8rC150i7.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The SAML environment has been successfuly initialized.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Initiating SSO to the partner identity provider.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Service provider session (y03noyqycovttto54bwxu5a4) state:
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: An assertion consumer service URL hasn't been configured and won't be included in the authn request.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: SAML message constructed: partner provider=http://www.okta.com/exk1z59kczQi8rC150i7, SAML message=<samlp:AuthnRequest ID="_6a647cf4-db9a-4ac5-ba1a-78e23936813e" Version="2.0" IssueInstant="2018-09-05T13:48:17.687Z" Destination="https://xxxxxxxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://customersite.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: SAML message ready to send: partner provider=http://www.okta.com/exk1z59kczQi8rC150i7, SAML message=<samlp:AuthnRequest ID="_6a647cf4-db9a-4ac5-ba1a-78e23936813e" Version="2.0" IssueInstant="2018-09-05T13:48:17.687Z" Destination="https://xxxxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://customersite.comk</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>, destination URL=https://xxxxxxxx/exk1z59kczQi8rC150i7/sso/saml.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Retrieving the local service provider signature certificates for the default configuration and partner identity provider http://www.okta.com/exk1z59kczQi8rC150i7.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Searching the X.509 store LocalMachine for the certificate with find type: FindByThumbprint and find value: 3612C5178066B8840EA31B2093AE24114B8BCC61.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The X.509 certificate with subject name CN=*.cert, OU=Domain Control Validated and serial number xxxxx has been loaded.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The X.509 certificate with subject name CN=*.cert, OU=Domain Control Validated and serial number xxxxx has been cached.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Sending request over HTTP Redirect, baseURL=https://xxxxxxxxx/exk1z59kczQi8rC150i7/sso/saml, samlMessage=<samlp:AuthnRequest ID="_6a647cf4-db9a-4ac5-ba1a-78e23936813e" Version="2.0" IssueInstant="2018-09-05T13:48:17.687Z" Destination="https://xxxxxxxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://customersite.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>, relayState=
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Creating HTTP redirect query string
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Encoding SAML message: <samlp:AuthnRequest ID="_6a647cf4-db9a-4ac5-ba1a-78e23936813e" Version="2.0" IssueInstant="2018-09-05T13:48:17.687Z" Destination="https://xxxxxxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://customersite.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Encoded SAML message: fZJLT8MwEIT/SuS7k7ivpFZbqVAhKvEIUHHgUm3dLbWa2MHr0MevJ0kRKge4jnd2dj55RFDkpZxWfmue8aNC8sF8NmbLAQx6idr0+Ho1BN4D1ecrEMCTFDvdYXeQii6y4BUdaWvGrBPGLJgTVTg35MH4WopFyuMhj/sL0ZW9VIokHKTJGwtmdYo24Fvn1vuSZBQZPHBtPDoDeWh3HjgWCKGyRQRl2Ty/O1uVy9XRI5Gx+6WI8LATp/5wp05POnXXoh/rJCKyUdOKBTfWKWyrjdkGcsLmxAyI9Cf+KJmz3iqbX2mz1uZ9zCpnpAXSJA0USNIr+TK9v5N1Rbk6D5G8XSwynj2+LFhwKHJDsuX4v7n8TmKTUTMtW1zuwv+/vb4bXcOMTS6ZQUFhy6RGFVa7UXSx+xxUyod62XyW2VyrY0OlAP93lghFq+g137SjsjJUotIbjWsWTPPc7q8dgq8ZelfVCKPJOfX3P5p8AQ==
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Query string: SAMLRequest=fZJLT8MwEIT%2FSuS7k7ivpFZbqVAhKvEIUHHgUm3dLbWa2MHr0MevJ0kRKge4jnd2dj55RFDkpZxWfmue8aNC8sF8NmbLAQx6idr0%2BHo1BN4D1ecrEMCTFDvdYXeQii6y4BUdaWvGrBPGLJgTVTg35MH4WopFyuMhj%2FsL0ZW9VIokHKTJGwtmdYo24Fvn1vuSZBQZPHBtPDoDeWh3HjgWCKGyRQRl2Ty%2FO1uVy9XRI5Gx%2B6WI8LATp%2F5wp05POnXXoh%2FrJCKyUdOKBTfWKWyrjdkGcsLmxAyI9Cf%2BKJmz3iqbX2mz1uZ9zCpnpAXSJA0USNIr%2BTK9v5N1Rbk6D5G8XSwynj2%2BLFhwKHJDsuX4v7n8TmKTUTMtW1zuwv%2B%2Fvb4bXcOMTS6ZQUFhy6RGFVa7UXSx%2BxxUyod62XyW2VyrY0OlAP93lghFq%2Bg137SjsjJUotIbjWsWTPPc7q8dgq8ZelfVCKPJOfX3P5p8AQ%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Generating signature
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Data to sign: 53 41 4d 4c 52 65 71 75 65 73 74 3d 66 5a 4a 4c 54 38 4d 77 45 49 54 25 32 46 53 75 53 37 6b 37 69 76 70 46 5a 62 71 56 41 68 4b 76 45 49 55 48 48 67 55 6d 33 64 4c 62 57 61 32 4d 48 72 30 4d 65 76 4a 30 6b 52 4b 67 65 34 6a 6e 64 32 64 6a 35 35 52 46 44 6b 70 5a 78 57 66 6d 75 65 38 61 4e 43 38 73 46 38 4e 6d 62 4c 41 51 78 36 69 64 72 30 25 32 42 48 6f 31 42 4e 34 44 31 65 63 72 45 4d 43 54 46 44 76 64 59 58 65 51 69 69 36 79 34 42 55 64 61 57 76 47 72 42 50 47 4c 4a 67 54 56 54 67 33 35 4d 48 34 57 6f 70 46 79 75 4d 68 6a 25 32 46 73 4c 30 5a 57 39 56 49 6f 6b 48 4b 54 4a 47 77 74 6d 64 59 6f 32 34 46 76 6e 31 76 75 53 5a 42 51 5a 50 48 42 74 50 44 6f 44 65 57 68 33 48 6a 67 57 43 4b 47 79 52 51 52 6c 32 54 79 25 32 46 4f 31 75 56 79 39 58 52 49 35 47 78 25 32 42 36 57 49 38 4c 41 54 70 25 32 46 35 77 70 30 35 50 4f 6e 58 58 6f 68 25 32 46 72 4a 43 4b 79 55 64 4f 4b 42 54 66 57 4b 57 79 72 6a 64 6b 47 63 73 4c 6d 78 41 79 49 39 43 66 25 32 42 4b 4a 6d 7a 33 69 71 62 58 32 6d 7a 31 75 5a 39 7a 43 70 6e 70 41 58 53 4a 41 30 55 53 4e 49 72 25 32 42 54 4b 39 76 35 4e 31 52 62 6b 36 44 35 47 38 58 53 77 79 6e 6a 32 25 32 42 4c 46 68 77 4b 48 4a 44 73 75 58 34 76 37 6e 38 54 6d 4b 54 55 54 4d 74 57 31 7a 75 77 76 25 32 42 25 32 46 76 62 34 62 58 63 4f 4d 54 53 36 5a 51 55 46 68 79 36 52 47 46 56 61 37 55 58 53 78 25 32 42 78 78 55 79 6f 64 36 32 58 79 57 32 56 79 72 59 30 4f 6c 41 50 39 33 6c 67 68 46 71 25 32 42 67 31 33 37 53 6a 73 6a 4a 55 6f 74 49 62 6a 57 73 57 54 50 50 63 37 71 38 64 67 71 38 5a 65 6c 66 56 43 4b 50 4a 4f 66 58 33 50 35 70 38 41 51 25 33 44 25 33 44 26 53 69 67 41 6c 67 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 77 33 2e 6f 72 67 25 32 46 32 30 30 31 25 32 46 30 34 25 32 46 78 6d 6c 64 73 69 67 2d 6d 6f 72 65 25 32 33 72 73 61 2d 73 68 61 32 35 36
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: Failed to generate signature ---> System.Security.Cryptography.CryptographicException: Invalid algorithm specified.
And now, there is no redirect after the certificate gets loaded (see last reply).
Thanks for your help.
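
The trace above walks through the SAML HTTP-Redirect binding steps (encode the message, build the query string, compute the data to sign) and only throws once signature generation starts. The following is an added example, not part of the thread and not ComponentSpace code: a Python sketch that reproduces those pre-signing steps and decodes a `SAMLRequest` back to XML, so the logged "Data to sign" bytes can be checked independently of the signing key. The sample request and the `example.test` hosts are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import quote, parse_qs

RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed sample request (not the one from the thread's log).
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest ID="_example-id" Version="2.0" '
    'IssueInstant="2018-09-05T13:48:17.687Z" '
    'Destination="https://idp.example.test/sso/saml" '
    'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://sp.example.test</saml:Issuer></samlp:AuthnRequest>'
)

def encode_saml_message(xml: str) -> str:
    """Raw DEFLATE (no zlib header), then base64: the 'Encoded SAML message'."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")

def decode_saml_message(b64: str) -> str:
    """Inverse of encode_saml_message: base64-decode, then raw inflate."""
    return zlib.decompress(base64.b64decode(b64), -15).decode("utf-8")

def data_to_sign(xml: str, sig_alg: str = RSA_SHA256, relay_state=None) -> bytes:
    """Octets covered by the signature: SAMLRequest[&RelayState]&SigAlg,
    each value URL-encoded, in exactly this order."""
    parts = ["SAMLRequest=" + quote(encode_saml_message(xml), safe="")]
    if relay_state:  # omitted when empty, as in the trace (relayState= is blank)
        parts.append("RelayState=" + quote(relay_state, safe=""))
    parts.append("SigAlg=" + quote(sig_alg, safe=""))
    return "&".join(parts).encode("ascii")

def hex_dump(data: bytes) -> str:
    """Space-separated lowercase hex, the layout of the 'Data to sign' log line."""
    return " ".join(f"{b:02x}" for b in data)

def request_from_query(query: str) -> str:
    """Recover the AuthnRequest XML from a redirect query string."""
    return decode_saml_message(parse_qs(query)["SAMLRequest"][0])

if __name__ == "__main__":
    signed_octets = data_to_sign(SAMPLE_AUTHN_REQUEST)
    print(signed_octets.decode("ascii"))
    print(hex_dump(signed_octets)[:35], "...")
    print(request_from_query(signed_octets.decode("ascii")))
```

Passing the `Query string:` value from a trace to `request_from_query` returns the request XML, which should match the `Encoding SAML message` entry logged just before it.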